
Get private certificate into manually created mobileconfig

Hi,
I'm currently writing a script that automatically creates a mobileconfig file for iPhone users that need to connect to an Exchange Server, with certificate authentication.
Unfortunately, I cannot seem to get my Private Certificate into the same format as the same certificate format I see in the mobileconfig file that I created using the iPhone Enterprise Configuration Utility.
My Private certificate is in PFX format. I have tried converting it with OpenSSL to PEM format, but it still looks completely different.

Any ideas?

Alan

iPhone 3G(S), iPhone OS 3.1.3

Posted on Mar 30, 2010 12:48 AM


Jun 11, 2010 1:40 AM in response to Alginald99

Hi Alan,

I'm working on the same issue. Till now, it seems that there is no possibility to retrieve a personal certificate with exportable key without using the IPCU.

In IExchangePayload, there is a variable called IdentityData as byte; this is the only variable I don't really use in my deployment.
I presume it's this variable which will contain the personal certificate.

I hope we'll find a solution, or that IPCU scripting will be easier to handle with iOS 4.0, to make life easier for the helpdesk.

Jun 22, 2010 12:23 AM in response to Alginald99

Hi,
Problem solved!

To export a personal certificate with its private key, you need to use:
certutil -f -p "password" -user -exportPFX thumbprintValue savePath

This creates a PFX file, protected by a password, with the private key.
My PowerShell script uses a small C# function to retrieve the thumbprintValue from the personal store, and it is saved into a variable in PowerShell.

Then, in the C# code for iPCU, just use:
pc = new X509Certificate2("path of pfx", "password", X509KeyStorageFlags.Exportable);
and
exchangePayload.IdentityData = pc.Export(X509ContentType.Pfx, "password");
and you get the certificate into iPCU when it starts.

You need to generate the distinguished name for the certificate yourself
and store it in exchangePayload.IdentityName.
exchangePayload.IdentityPassword must be the same as the password given before.

For now, I don't know how to hide the iPCU or keep it from opening. It's a bit annoying; it seems it is not possible to generate the profile with the "API" without this window.

Another way would be to create the XML file directly.
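
The direct-XML route mentioned in the last reply, as an added example that is not code from any poster in this thread: the profile carries the binary PKCS#12 itself (base64 inside a `<data>` element), which is why a PEM conversion never matches what the utility writes. The key names follow Apple's Exchange payload (`com.apple.eas.account`); the `com.example` identifiers, host, address and the placeholder PFX bytes are constructed assumptions.

```python
import os
import plistlib
import uuid


def build_eas_profile(pfx_bytes, pfx_password, identity_name, host, email):
    """Return mobileconfig XML (bytes) with the PKCS#12 identity embedded."""
    # Embed the original binary PFX. OpenSSL's PEM output is a different
    # encoding; a DER-encoded PKCS#12 always starts with a SEQUENCE tag (0x30).
    if pfx_bytes.lstrip().startswith(b"-----BEGIN"):
        raise ValueError("PEM input: embed the binary .pfx/.p12 instead")
    if not pfx_bytes or pfx_bytes[0] != 0x30:
        raise ValueError("input is not DER-encoded PKCS#12 data")
    eas = {
        "PayloadType": "com.apple.eas.account",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile.eas",  # assumed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Exchange ActiveSync",
        "Host": host,
        "EmailAddress": email,
        "SSL": True,
        "Certificate": pfx_bytes,             # bytes become <data> (base64)
        "CertificateName": identity_name,
        "CertificatePassword": pfx_password,  # must match the PFX password
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile",      # assumed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Exchange profile",
        "PayloadContent": [eas],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def write_profile(path, data):
    # The file holds the private key and its password: owner-only access.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


if __name__ == "__main__":
    placeholder = b"\x30\x82\x00\x04" + b"CONSTRUCTED-NOT-A-REAL-PFX"
    xml = build_eas_profile(placeholder, "password", "CN=Alan",
                            "mail.example.com", "alan@example.com")
    print(xml.decode())
```

The generated file contains the private key together with its password in clear text, so it needs the same handling as the PFX itself until it is installed on the device.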
